Helm, AWS IAM Role & GitHub Actions
The issue: Kubernetes cluster unreachable
I’m trying to deploy my service (Spring Boot REST API service + Postgres database) to an existing EKS cluster using a Helm chart in a GitHub Actions CI pipeline.
I’m using GitHub's federated OIDC to access AWS resources, which uses short-lived credentials (no AWS credentials leaked!).
The issue is that the GitHub Action failed:
Error: INSTALLATION FAILED: Kubernetes cluster unreachable: the server has asked for the client to provide credentials
Enabling IAM user and role access to your cluster
The solution is to add the authorized GitHub IAM role above to the aws-auth ConfigMap:
$ kubectl edit -n kube-system configmap/aws-auth
Edit the file to add:
....
  mapUsers: |
    - userarn: arn:aws:iam::ACCOUNTID:role/github
      username: admin
      groups:
        - system:masters
kind: ConfigMap
...
To make a permanent change to the aws-auth ConfigMap:
kubectl get -n kube-system configmap/aws-auth -o yaml > auth-cm.yaml
# make the above change
kubectl apply -f auth-cm.yaml
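A check for the mapping described above, as an added example (not code from the original post): it converts the caller ARN that `aws sts get-caller-identity` reports for an assumed role into the IAM role ARN form used in aws-auth entries, then lists the groups an aws-auth document grants that ARN. The account ID `111122223333`, the session name `GitHubActions`, and the helper names `canonical_role_arn` and `mapped_groups` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Account ID and session name are constructed.

# Turn the caller ARN from `aws sts get-caller-identity` into the IAM ARN form
# used in aws-auth entries: no session name, no role path.
canonical_role_arn() {
  local partition account resource name
  partition=$(printf '%s' "$1" | cut -d: -f2)
  account=$(printf '%s' "$1" | cut -d: -f5)
  resource=$(printf '%s' "$1" | cut -d: -f6)
  case "$resource" in
    assumed-role/*/*) name=${resource#assumed-role/}; name=${name%/*} ;;
    role/*)           name=${resource##*/} ;;
    *)                return 1 ;;
  esac
  printf 'arn:%s:iam::%s:role/%s\n' "$partition" "$account" "$name"
}

# Read aws-auth YAML on stdin; print the groups mapped to ARN $1, or return 1
# if no rolearn/userarn entry matches. Handles either key order inside an entry.
mapped_groups() {
  awk -v arn="$1" '
    function flush() { if (cur == arn) { found = 1; out = grps } cur = ""; grps = ""; ing = 0 }
    $1 == "-" && $2 ~ /:$/ { flush(); $1 = ""; $0 = $0 }  # new entry: drop the dash, re-split
    $1 == "rolearn:" || $1 == "userarn:" { cur = $2; ing = 0; next }
    $1 == "groups:" { ing = 1; next }
    ing && $1 == "-" { grps = grps (grps ? " " : "") $2; next }
    { ing = 0 }
    END { flush(); if (!found) exit 1; print out }
  '
}

# Constructed sample in the shape shown in the post.
SAMPLE_AWS_AUTH='data:
  mapUsers: |
    - userarn: arn:aws:iam::111122223333:role/github
      username: admin
      groups:
        - system:masters
kind: ConfigMap'

role=$(canonical_role_arn 'arn:aws:sts::111122223333:assumed-role/github/GitHubActions')
if grps=$(printf '%s\n' "$SAMPLE_AWS_AUTH" | mapped_groups "$role"); then
  echo "$role -> $grps"
else
  echo "$role is not mapped in aws-auth"
fi
```

On a live cluster, pipe `kubectl get -n kube-system configmap/aws-auth -o yaml` into `mapped_groups` from an identity that already has cluster access. A result of `system:masters` means the pipeline role is a full cluster administrator.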